Hamleys of London Limited are committed to protecting and respecting your privacy.
We're giving you this information as part of our initiative to comply with recent legislation, and to make sure we're honest and clear about your privacy when using our website.
For the purpose of the Data Protection Act and the General Data Protection Regulation 2016/679 (the Acts), the data controller is:Hamleys of London Limited
2 Foubert's Place,
Under the EU's General Data Protection Regulation ("GDPR"): Personal Data is defined as "any information relating to an identified or identifiable natural person ('data subject'); by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".
The Data Controller
The Data Controller is an organisation and/or individual (legal person) who controls and is responsible to keep and use personal data in paper or electronic files. Hamleys is the data controller as defined by relevant data protection laws and regulation.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:
- Consent: you have given Hamleys clear consent for your personal data to be processed for a specific purpose.
- Contract: the processing is necessary for a contract you have with Hamleys has asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for Hamleys to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone's life.
- Public task: the processing is necessary for Hamleys to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for Hamleys legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data that overrides those legitimate interests.
You have the following rights regarding our use of your personal data:
- You can access any of your data held by us.
- You can correct any inaccurate data we hold.
- You can ask us to erase any of your data held by us.
- You can restrict the types of data we hold.
- You can object to our processing any of your personal data.
- You can ask that your data be copied or transferred to a third party.
You can exercise any of the above rights by emailing firstname.lastname@example.org.
You can exercise your right to prevent such processing by checking certain boxes in the preference centre, and even where you have consented to our processing of your personal data, you can withdraw your consent at any time by emailing email@example.com.
Personal data we may collect from you
We may collect and process your data when you visit our site and when you use our site to make a purchase.
When you visit and use our website, you consent to our obtaining and processing the following information about you:
- Location data and online identifiers, including details of your visit to our site and the resources you access;
- Information about your computer, including your IP address, operating system, and browser.
- Cookies, and other information about your general internet usage.
This information is used for system administration and to ensure your experience is fully optimised. It is statistical, aggregated information and does not identify any specific individual. We may provide reports making use of this information to our advertisers.
In providing us with information through our website, you also consent to our processing this data and using it for the purposes specified by you. This may include:
- Information you provide by filling in forms on our site www.hamleys.com, including information you provide when registering an account with us, subscribing to any of our services, posting material, contacting us, or entering a competition or promotion.
- When you write to us, we may retain a copy of your correspondence and contact details.
When you make a purchase through our site, we must necessarily obtain and process the following data in order to fulfil your order with us:
- Your name, address, billing information, and contact details.
- A record of your transactions with us and your purchase history.
We process personal data relating to those who apply for job vacancies with us or who send speculative job applications to us. We do this for employment purposes, to assist us in the selection of candidates for employment, and to assist in the running of the business. The personal data may include identifiers such as name, date of birth, personal characteristics such as gender, qualifications and previous employment history.
We will not share any identifiable information about you with third parties without your consent unless the law allows or requires us to do so. The personal data provided during an application process will be retained for a period of at least six months or, if required by law, for as long as is required.
This privacy notice does not form part of an employment offer or contract between us. If we make an employment offer to you, we will provide further information about our handling of your personal information in an employment context separately.
Where we process and transfer personal data
The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that Hamleys has instructed.
If Personal Data is transferred outside the UK, EEA or an Adequacy rated country Hamleys will ensure that the third-party processor adheres to the EUGDPR legislation and the transfer of data is contractually endorsed under a Data Processing Agreement, standard model clauses or Binding Corporate Rules.
All information you provide to us is stored on our suppliers' secure servers. Any payment transactions will be encrypted [using SSL technology]. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. We will use reasonable endeavours to protect your personal data, but we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we store your personal data for
We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.
In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.
How we use your personal data
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
If you are an existing customer, we may use your data to contact you about similar products or services by text or email, unless you tell us otherwise. You may opt-out of these messages by:
- Opting out of marketing communications at the time of purchase.
- Clicking the 'unsubscribe' link (and following the unsubscribe process) contained in any of our marketing communications.
- Emailing firstname.lastname@example.org.
Disclosure of your personal data
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Hamleys of London Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Third Party Websites:
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you wish to make a complaint regarding our use of your personal data, please email email@example.com. If you are unhappy with the way in which we have handled your complaint, you may escalate your complaint to the Information Commissioner's Office (ICO) by visiting www.ico.org.uk/concerns/ or contacting them by post or telephone:Information Commissioner's Office
Tel: 0303 123 1113 (local rate)
Hamleys' ICO registration number is Z6094151.